INSIGHT: Cyber soldiers of fortune attack US companies

24 October 2013 16:14  [Source: ICIS news]

By Joe Kamalick

[Image: US firms vulnerable to new cyber attacks]

WASHINGTON (ICIS)--Soldiers of fortune have sold their swords since the days of ancient Egypt, so it was inevitable that hired guns would migrate to the Internet with cyber-soldiers selling their hacker talents to the highest bidder.

In a new report, computer security giant Symantec has identified a group called Hidden Lynx, described as a highly professional team of IT raiders with advanced capabilities that operates as a “hackers for hire” organisation - or cyber soldiers of fortune.

Although these cyber raiders don't risk life or limb in their campaigns, they can do major damage to governments and industries alike, according to Symantec.

A spokesman for Symantec said that the Hidden Lynx group is probably operating out of China, but that is just a guess.

All that Symantec knows for sure is that Hidden Lynx’s hardware hub is in the Middle Kingdom.

“Based on our analysis, we believe the group is operating out of China - given that the command and control servers are hosted in China,” said the spokesman, “but we cannot confirm who is actually behind the Hidden Lynx group”.

The servers are in China, but the Hidden Lynx operators might as easily be based in Europe, elsewhere in Asia or even in the US.

The emergence of this freelance cyber-attack group represents a new escalation of risk for US companies with high-tech formulations, processes and products.

The difference between Hidden Lynx and longstanding cyber threats to US technology companies is that earlier attacks often were nation-sourced, with the Beijing government in China most often identified as the prime mover.

Earlier this year, President Barack Obama’s national security advisor, Tom Donilon, warned that cyber-attacks from China have reached an unprecedented scale, saying that the US cannot further accept such intrusions.

But Hidden Lynx apparently offers its hacker resources to anyone willing to pay, including governments other than China’s and even companies seeking intelligence and trade secrets from competitors.

Hidden Lynx offers a “hackers for hire” operation that is tasked with “retrieving specific information from a wide range of corporate and government targets”, said the Symantec report.

“The group uses cutting-edge attack techniques which makes this team stand out from other major attack groups,” said Symantec.

“They are a highly efficient team [that] can undertake multiple campaigns at once, breach some of the world’s best-protected organisations and can change their tactics quickly to achieve their goal,” it added.

The networks, servers and even individual computers at US chemical companies are often the target of cyber-attacks, according to federal security officials.

The White House has taken steps to avert what the Obama administration fears could be a “cyber Pearl Harbor”, in which a foreign government launches an all-out attack on US infrastructure and industry.

Dow Chemical, among others, has urged Congress to craft a comprehensive federal plan to thwart cyber-attacks, and US intelligence officials warn that the cyber threat has reached “crisis levels”.

Hidden Lynx, says Symantec, has been in operation since 2009 and “they are methodical in their approach and they display a skillset far in advance of some other attack groups also operating in that region”.

The secretive group poses “an advanced persistent threat that has been in operation for at least four years and is breaking into some of the best-protected organisations in the world”.

The Symantec report notes that in February this year, Bit9 - a major provider of cyber security for corporate computer systems - announced that its own network had been compromised by a malicious third party, Hidden Lynx, that broke into the company’s system.

Symantec said that breach ultimately extended to the US defence industrial sector.

The Hidden Lynx group, said Symantec, “has a history of attacking the defence industrial sectors of Western countries”.

Whether their clients are governments or corporations, the Hidden Lynx group is “likely tasked with obtaining very specific information that could be used to gain competitive advantages at both a corporate and nation state level”, Symantec said.

“It is unlikely that this organisation engages in processing or using the stolen information for direct financial gain,” the report says.  “Their mode of operation would suggest that they may be a private organisation of ‘hackers for hire’ who are highly skilled, experienced professionals whose services are available for those willing to pay.”

Since November 2011, Hidden Lynx attacks have been focused most often on US targets, representing nearly 53% of the group’s cyber warfare assaults. 

Taiwan is the next most-frequent target, accounting for more than 15% of the attacks from Hidden Lynx. This suggests, of course, that the Hidden Lynx operators are indeed China-based.

Among the industries targeted by Hidden Lynx, financial institutions, university research facilities and government and government contractors are prime objectives, accounting for nearly 60% of the group’s probes.

But companies focused on military defence and the broader industry and engineering fields - including chemistry - also are primary targets.
